package com.etl.util;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

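public class RegularUtil {

    /*
     * Compiled once and shared; Pattern instances are immutable and thread-safe.
     * CASE_INSENSITIVE replaces the former toLowerCase() call, whose result depends on
     * the JVM default locale: under a Turkish locale "INSERT" lower-cases to a string
     * with a dotless i and the keyword was no longer recognised.
     */
    private static final Pattern SQL_KEYWORDS = Pattern.compile(
            "\\b(exec|insert|drop|grant|alter|delete|update|master|truncate)\\b",
            Pattern.CASE_INSENSITIVE);

    private static final Pattern SQL_KEYWORDS_WITHOUT_INSERT = Pattern.compile(
            "\\b(exec|drop|grant|alter|master)\\b",
            Pattern.CASE_INSENSITIVE);

    /**
     * Reports whether the string form of {@code obj} contains one of the SQL keywords
     * {@code exec, insert, drop, grant, alter, delete, update, master, truncate} as a
     * whole word, ignoring case.
     *
     * <p>This is a coarse keyword blocklist, not a defence against SQL injection: it
     * flags ordinary text that happens to contain these words, and it does not
     * recognise input that uses none of them. A value that passes this check must
     * still reach the database only through bound parameters
     * (e.g. {@code PreparedStatement}), never through string concatenation.
     *
     * @param obj value to inspect; its {@code toString()} result is scanned
     * @return {@code true} if a listed keyword is found; {@code false} otherwise,
     *         including when {@code obj} is {@code null}
     */
    public static boolean containsSqlInjection(Object obj){
        return containsKeyword(SQL_KEYWORDS, obj);
    }

    /**
     * Variant of {@link #containsSqlInjection(Object)} with a shorter keyword list:
     * {@code exec, drop, grant, alter, master}. The words {@code insert},
     * {@code delete}, {@code update} and {@code truncate} are not reported here.
     *
     * <p>The same limitation applies: a {@code false} result does not make the value
     * safe to concatenate into a SQL statement.
     *
     * @param obj value to inspect; its {@code toString()} result is scanned
     * @return {@code true} if a listed keyword is found; {@code false} otherwise,
     *         including when {@code obj} is {@code null}
     */
    public static boolean containsSqlInjectionWithoutInsert(Object obj){
        return containsKeyword(SQL_KEYWORDS_WITHOUT_INSERT, obj);
    }

    /** Null-safe whole-word search of {@code obj.toString()} against {@code keywords}. */
    private static boolean containsKeyword(Pattern keywords, Object obj) {
        if (obj == null) {
            // Nothing to scan; previously this case threw NullPointerException.
            return false;
        }
        String text = obj.toString();
        return text != null && keywords.matcher(text).find();
    }
}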
